1.. currentmodule:: asyncssh 2 3Change Log 4========== 5 6Release 2.8.1 (8 Nov 2021) 7-------------------------- 8 9* Fixed a regression in handling of the passphrase argument used to 10 decrypt private keys. 11 12Release 2.8.0 (3 Nov 2021) 13-------------------------- 14 15* Added new connect_timeout option to set a timeout which includes the 16 time taken to open an outbound TCP connection, allowing connections 17 to be aborted without waiting for the default socket connect timeout. 18 The existing login_timeout option only applies after the TCP connection 19 was established, so it could not be used for this.. The support for the 20 ConnectTimeout config file option has also been updated to use this new 21 capability, making it more consistent with OpenSSH's behavior. 22 23* Added the ability to use the passphrase argument specified in a connect 24 call to be used to decrypt keys used to connect to bastion hosts. 25 Previously, this argument was only applied when making a connection 26 to the main host and encrypted keys could only be used when they 27 were loaded separately. 28 29* Updated AsyncSSH's "Record" class to make it more IDE-friendly when 30 it comes to things like auto-completion. This class is used as a base 31 class for SSHCompletedProcess and various SFTP attribute classes. 32 Thanks go to Github user zentarim for suggesting this improvement. 33 34* Fixed a potential uncaught exception when handling forwarded connections 35 which are immediately closed by a peer. 36 37Release 2.7.2 (15 Sep 2021) 38--------------------------- 39 40* Fixed a regression related to server host key selection when attempting 41 to use a leading '+' to add algorithms to the front of the default list. 42 43* Fixed logging to properly handle SFTPName objects with string filenames. 44 45* Fixed SSH_EXT_INFO to only be sent after the first key exchange. 
46 47 48Release 2.7.1 (6 Sep 2021) 49-------------------------- 50 51* Added an option to allow encrypted keys to be ignored when no passphrase 52 is set. This behavior previously happened by default when loading keys 53 from default locations, but now this option to load_keypairs() can be 54 specified when loading any set of keys. 55 56* Changed loading of default keys to automatically skip key types which 57 aren't supported due to missing dependencies. 58 59* Added the ability to specify "default" for server_host_key_algs, as 60 a way for a client to request that its full set of default algorithms 61 be advertised to the server, rather than just the algorithms matching 62 keys in the client's known hosts list. Thanks go to Manfred Kaiser 63 for suggesting this improvement. 64 65* Added support for tilde-expansion in the config file "include" 66 directive. Thanks go to Zack Cerza for reporting this and suggesting 67 a fix. 68 69* Improved interoperatbility of AsyncSSH SOCKS listener by sending a zero 70 address rather than an empty hostname in the SOCKS CONNECT response. 71 Thanks go to Github user juouy for reporting this and suggesting a fix. 72 73* Fixed a couple of issues related to sending SSH_EXT_INFO messages. 74 75* Fixed an issue with using SSHAcceptor as an async context manager. 76 Thanks go to Paulo Costa for reporing this. 77 78* Fixed an issue where a tunnel wasn't always cleaned up properly when 79 creating a remote listener. 80 81* Improved handling of connection drops, avoiding exceptions from being 82 raised in some cases when the transport is abruptly closed. 83 84* Made AsyncSSH SFTP support more tolerant of file permission values with 85 undefined bits set. Thanks go to GitHub user ccwufu for reporting this. 86 87* Added some missing key exchange algorithms in the AsyncSSH documentation. 88 Thanks go to Jeremy Norris for noticing and reporting this. 89 90* Added support for running AsyncSSH unit tests on systems with OpenSSL 91 3.0 installed. 
Thanks go to Ken Dreyer for raising this issue and 92 pointing out the new OpenSSL "provider" support for legacy algorithms. 93 94Release 2.7.0 (19 Jun 2021) 95--------------------------- 96 97* Added support for the ProxyCommand config file option and a 98 corresponding proxy_command argument in the SSH connection options, 99 allowing a subprocess to be used to make the connection to the SSH 100 server. When the config option is used, it should be fully compatible 101 with OpenSSH percent expansion in the command to run. 102 103* Added support for accessing terminal information as properties in the 104 SSHServerProcess class. As part of this change, both the environment 105 and terminal modes are now available as read-only mappings. Thanks 106 again to velavokr for suggesitng this and submitting a PR with a 107 proposed version of the change. 108 109* Fixed terminal information passed to pty_requested() callback to 110 properly reflect requested terminal type, size, and modes. Thanks go 111 to velavokr for reporting this issue and proposing a fix. 112 113* Fixed an edge case where a connection object might not be cleaned up 114 properly if the connection request was cancelled before it was fully 115 established. 116 117* Fixed an issue where some unit tests weren't properly closing 118 connection objects before exiting. 119 120Release 2.6.0 (1 May 2021) 121-------------------------- 122 123* Added support for the HostKeyAlias client config option and a 124 corresponding host_key_alias option, allowing known_hosts lookups 125 and host certificate validation to be done against a different 126 hoetname than what is used to make the connection. Thanks go to 127 Pritam Baral for contributing this feature! 128 129* Added the capability to specify client channel options as connection 130 options, allowing them to be set in a connect() call or as values in 131 SSHClientConnectionOptions. 
These values will act as defaults for 132 any sessions opened on the connection but can still be overridden 133 via arguments in the create_session() call. 134 135* Added support for dynamically updating SSH options set up in a 136 listen() or listen_reverse() call. A new SSHAcceptor class is now 137 returned by these calls which has an update() method which takes 138 the same keyword arguments as SSHClientConnectionOptions or 139 SSHServerConnectionOptions, allowing you to update any of the 140 options on an existing listener except those involved in setting 141 up the listening sockets themselves. Updates will apply to future 142 connections accepted by that listener. 143 144* Added support for a number of algorithms supported by the ssh.com 145 Tectia SSH client/server: 146 147 Key exchange: 148 149 | diffie-hellman-group14-sha256\@ssh.com (enabled by default) 150 151 | diffie-hellman-group14-sha224\@ssh.com (available but not default) 152 | diffie-hellman-group15-sha256\@ssh.com 153 | diffie-hellman-group15-sha384\@ssh.com 154 | diffie-hellman-group16-sha384\@ssh.com 155 | diffie-hellman-group16-sha512\@ssh.com 156 | diffie-hellman-group18-sha512\@ssh.com 157 158 HMAC: 159 160 | hmac-sha256-2\@ssh.com (all enabled by default) 161 | hmac-sha224\@ssh.com 162 | hmac-sha256\@ssh.com 163 | hmac-sha384\@ssh.com 164 | hmac-sha512\@ssh.com 165 166 RSA public key algorithms: 167 168 | ssh-rsa-sha224\@ssh.com (all enabled by default) 169 | ssh-rsa-sha256\@ssh.com 170 | ssh-rsa-sha384\@ssh.com 171 | ssh-rsa-sha512\@ssh.com 172 173 Encryption: 174 175 | seed-cbc\@ssh.com (available but not default) 176 177* Added a new 'ignore-failure' value to the x11_forwarding argument in 178 create_session(). When specified, AsyncSSH will attempt to set up X11 179 forwarding but ignore failures, behaving as if forwarding was never 180 requested instead of raising a ConnectionOpenError. 
181 182* Extended support for replacing certificates in an SSHKeyPair, allowing 183 alternate certificates to be used with SSH agent and PKCS11 keys. This 184 provides a way to use X.509 certificates with an SSH agent key or 185 OpenSSH certificates with a PKCS11 key. 186 187* Extended the config file parser to support '=' as a delimiter between 188 keywords and arguments. While this syntax appears to be rarely used, 189 it is supported by OpenSSH. 190 191* Updated Fido2 support to use version 0.9.1 of the fido2 package, 192 which included some changes that were not backward compatible with 193 0.8.1. 194 195* Fixed problem with setting config options with percent substitutions 196 to 'none'. Percent subsitution should not be performed in this case. 197 Thanks go to Yuqing Miao for finding and reporting this issue! 198 199* Fixed return type of filenames in SFTPClient scandir() and readlink() 200 when the argument passed in is a Path value. Previously, the return 201 value in this case was bytes, but that was only meant to apply when the 202 input argument was passed as bytes. 203 204* Fixed a race condition related to closing a channel before it is fully 205 open, preventing a client from potentially hanging forever if a 206 session was closed while the client was still attempting to request a 207 PTY or make other requests as part of opening the session. 208 209* Fixed a potential race condition related to making parallel calls to 210 SFTPClient makedirs() which try to create the same directory or a 211 common parent directory. 212 213* Fixed RFC 4716 parser to allow colons in header values. 214 215* Improved error message when AsyncSSH is unable to get the local 216 username on a client. Thanks go to Matthew Plachter for reporting 217 this issue. 
218 219Release 2.5.0 (23 Dec 2020) 220--------------------------- 221 222* Added support for limiting which identities in an SSH agent will be 223 used when making a connection, via a new "agent_identities" config 224 option. This change also adds compatibility with the OpenSSL config 225 file option "IdentitiesOnly". 226 227* Added support for including Subject Key Identifier and Authority Key 228 Identifier extensions in generated X.509 certificates to better comply 229 with RFC 5280. 230 231* Added support for makedirs() and rmtree() methods in the AsyncSSH 232 SFTP client, as well as a new scandir() method which returns an async 233 iterator to more efficiently process very large directories. Thanks 234 go to Joseph Ernest for suggesting these improvements. 235 236* Significantly reworked AsyncSSH line editor support to improve its 237 performance by several orders of magnitude on long input lines, and 238 added a configurable maximum line length when the editor is in use to 239 avoid potential denial-of-service attacks. This limit defaults to 240 1024 bytes, but with the improvements it can reasonably handle lines 241 which are megabytes in size if needed. 242 243* Changed AsyncSSH to allow SSH agent identities to still be used when 244 an explicit list of client keys is specified, for better compatibility 245 with OpenSSH. The previous behavior can still be achieved by explicitly 246 setting the agent_path option to None when setting client_keys. 247 248* Changed AsyncSSH to enforce a limit of 1024 characters on usernames 249 when acting as a server to avoid a potential denial-of-service issue 250 related to SASLprep username normalization. 251 252* Changed SCP implementation to explicitly yield to other coroutines 253 when sending a large file to better share an event loop. 254 255* Fixed a few potential race conditions related to cleanup of objects 256 during connection close. 
Thanks go to Thomas Léveil for reporting one 257 of these places and suggesting a fix. 258 259* Re-applied a previous fix which was unintentionally lost to allow 260 Pageant to be used by default on Windows. 261 262Release 2.4.2 (11 Sep 2020) 263--------------------------- 264 265* Fixed a potential race condition when receiving EOF right after a 266 channel is opened. Thanks go to Alex Shafer for reporting this and 267 helping to track down the root cause. 268 269* Fixed a couple of issues related to the error_handler and 270 progress_handler callbacks in AsyncSSH SFTP/SCP. Thanks go to 271 geraldnj for noticing and reporting these. 272 273* Fixed a couple of issues related to using pathlib objects with 274 AsyncSSH SCP. 275 276Release 2.4.1 (5 Sep 2020) 277-------------------------- 278 279* Fixed SCP server to send back an exit status when closing the SSH 280 channel, since the OpenSSH scp client returns this status to the 281 shell which executed it. Thanks go to girtsf for catching this. 282 283* Fixed listeners created by forward_local_port(), forward_local_path(), 284 and forward_socks() to automatically close when the SSH connection 285 closes, unblocking any wait_closed() calls which are in progress. 286 Thanks go to rmawatson for catching this. 287 288* Fixed a potential exception that could trigger when the SSH 289 connection is closed while authentication is in progress. 290 291* Fixed tunnel connect code to properly clean up an implicitly created 292 tunnel when a failure occurs in trying to open a connection over 293 that tunnel. 294 295Release 2.4.0 (29 Aug 2020) 296--------------------------- 297 298* Added support for accessing keys through a PKCS#11 provider, allowing 299 keys on PIV security tokens to be used directly by AsyncSSH without 300 the need to run an SSH agent. X.509 certificates can also be retrieved 301 from the security token and used with SSH servers which support that. 
302 303* Added support for using Ed25519 and Ed448 keys in X.509 certificates, 304 and the corresponding SSH certificate and signature algorithms. 305 Certificates can use these keys as either subject keys or signing keys, 306 and certificates can be generated by either AsyncSSH or by OpenSSL 307 version 1.1.1 or later. 308 309* Added support for feed_data() and feed_eof() methods in SSHReader, 310 mirroring methods of the same name in asyncio's StreamReader to 311 improve interoperability between the two APIs. Thanks go to Mikhail 312 Terekhov for suggesting this and providing an example implementation. 313 314* Updated unit tests to test interoperability with OpenSSL 1.1.1 when 315 reading and writing Ed25519 and Ed448 public and private key files. 316 Previously, due to lack of support in OpenSSL, AsyncSSH could only 317 test against OpenSSH, and only in OpenSSH key formats. With OpenSSL 318 1.1.1, testing is now also done using PKCS#8 format. 319 320* Fixed config file parser to properly ignore all comment lines, even 321 if the lines contain unbalanced quotes. 322 323* Removed a note about the lack of a timeout parameter in the AsyncSSH 324 connect() method, now that it supports a login_timeout argument. 325 Thanks go to Tomasz Drożdż for catching this. 326 327Release 2.3.0 (12 Jul 2020) 328--------------------------- 329 330* Added initial support for reading configuration from OpenSSH-compatible 331 config files, when present. Both client and server configuration files 332 are supported, but not all config options are supported. See the 333 AsyncSSH documentation for the latest list of what client and server 334 options are supported, as well as what match conditions and percent 335 substitutions are understood. 336 337* Added support for the concept of only a subset of supported algorithms 338 being enabled by default, and for the ability to use wildcards when 339 specifying algorithm names. 
Also, OpenSSH's syntax of prefixing the 340 list with '^', '+', or '-' is supported for incrementally adjusting 341 the list of algorithms starting from the default set. 342 343* Added support for specifying a preferred list of client authentication 344 methods, in order of preference. Previously, the order of preference 345 was hard-coded into AsyncSSH. 346 347* Added the ability to use AsyncSSH's "password" argument on servers 348 which are using keyboard-interactive authentication to prompt for a 349 "passcode". Previously, this was only supported when the prompt was 350 for a "password". 351 352* Added support for providing separate lists of private keys and 353 certificates, rather than requiring them to be specifying together as 354 a tuple. When this new option is used, AsyncSSH will automatically 355 associate the private keys with their corresponding certificates if 356 matching certificates are present in the list. 357 358* Added support for the "known_hosts" argument to accept a list of known 359 host files, rather than just a single file. Known hosts can also be 360 specified using the GlobalKnownHostFile and UserKnownHostFile config 361 file options, each of which can take multiple filenames. 362 363* Added new "request_tty" option to provide finer grained control over 364 whether AsyncSSH will request a TTY when opening new sessions. The 365 default is to still tie this to whether a "term_type" is specified, 366 but now that can be overridden. Supported options of "yes", "no", 367 "force", and "auto" match the values supported by OpenSSH. 368 369* Added new "rdns_lookup" option to control whether the server does a 370 reverse DNS of client addresses to allow matching of clients based 371 on hostname in authorized keys and config files. When this option 372 is disabled (the default), matches can only be based on client IP. 
373 374* Added new "send_env" argument when opening a session to forward local 375 environment variables using their existing values, augmenting the 376 "env" argument that lets you specify remote environment variables to 377 set and their corresponding values. 378 379* Added new "tcp_keepalive" option to control whether TCP-level 380 keepalives are enabled or not on SSH connections. Previously, TCP 381 keepalives were enabled unconditionally and this is still the default, 382 but the new option provides a way to disable them. 383 384* Added support for sending and parsing client EXT_INFO messages, and 385 for sending the "global-requests-ok" option in these messages when 386 AsyncSSH is acting as a client. 387 388* Added support for expansion of '~' home directory expansion when 389 specifying arguments which contain filenames. 390 391* Added support for time intervals and byte counts to optionally be 392 specified as string values with units, allowing for values such as 393 "1.5h" or "1h30m" instead of having to specify that as 5400 seconds. 394 Similarly, a byte count of "1g" can be passed to indicate 1 gigabyte, 395 rather than specifying 1073741824 bytes. 396 397* Enhanced logging to report lists of sent and received algorithms when 398 no matching algorithm is found. Thanks go to Jeremy Schulman for 399 suggesting this. 400 401* Fixed an interoperability issue with PKIXSSH when attempting to use 402 X.509 certificates with a signature algorithm of "x509v3-rsa2048-sha256". 403 404* Fixed an issue with some links not working in the ReadTheDocs sidebar. 405 Thanks go to Christoph Giese for reporting this issue. 406 407* Fixed keepalive handler to avoid leaking a timer object in some cases. 408 Thanks go to Tom van Neerijnen for reporting this issue. 409 410Release 2.2.1 (18 Apr 2020) 411--------------------------- 412 413* Added optional timeout parameter to SSHClientProcess.wait() and 414 SSHClientConnection.run() methods. 
415 416* Created subclasses for SFTPError exceptions, allowing applications 417 to more easily have distinct exception handling for different errors. 418 419* Fixed an issue in SFTP parallel I/O related to handling low-level 420 connection failures. Thanks go to Mikhail Terekhov for reporting 421 this issue. 422 423* Fixed an issue with SFTP file copy where a local file could sometimes 424 be left open if an attempt to close a remote file failed. 425 426* Fixed an issue in the handling of boolean return values when 427 SSHServer.server_requested() returns a coroutine. Thanks go to 428 Tom van Neerijnen for contributing this fix. 429 430* Fixed an issue with passing tuples to the SFTP copy functions. Thanks 431 go to Marc Gagné for reporting this and doing the initial analysis. 432 433Release 2.2.0 (29 Feb 2020) 434--------------------------- 435 436* Added support for U2F/FIDO2 security keys, with the following capabilities: 437 438 * ECDSA (NISTP256) and Ed25519 key algorithms 439 * Key generation, including control over the application and user the 440 key is associated with and whether touch is required when using the key 441 * Certificate generation, both as a key being signed and a CA key 442 * Resident keys, allowing security keys to be used on multiple machines 443 without any information being stored outside of the key 444 * Access to and management of keys loaded in an OpenSSH ssh-agent 445 * Support for both user and host keys and certificates 446 * Support for "no-touch-required" option in authorized_keys files 447 * Support for "no-touch-required" option in OpenSSH certificates 448 * Compatibility with security key support added in OpenSSH version 8.2 449 450* Added login timeout client option and limits on the length and number 451 of banner lines AsyncSSH will accept prior to the SSH version header. 
452 453* Improved load_keypairs() to read public key files, confirming that they 454 are consistent with their associated private key when they are present. 455 456* Fixed issues in the SCP server related to handling filenames with spaces. 457 458* Fixed an issue with resuming reading after readuntil() returns an 459 incomplete read. 460 461* Fixed a potential issue related to asyncio not reporting sockname/peername 462 when a connection is closed immediately after it is opened. 463 464* Made SSHConnection a subclass of asyncio.Protocol to please type checkers. 465 466Release 2.1.0 (30 Nov 2019) 467--------------------------- 468 469* Added support in the SSHProcess redirect mechanism to accept asyncio 470 StreamReader and StreamWriter objects, allowing asyncio streams to 471 be plugged in as stdin/stdout/stderr in an SSHProcess. 472 473* Added support for key handlers in the AsyncSSH line editor to trigger 474 signals being delivered when certain "hot keys" are hit while reading 475 input. 476 477* Improved cleanup of unreturned connection objects when an error occurs 478 or the connection request is canceled or times out. 479 480* Improved cleanup of SSH agent client objects to avoid triggering a false 481 positive warning in Python 3.8. 482 483* Added an example to the documentation for how to create reverse-direction 484 SSH client and server connections. 485 486* Made check of session objects against None explicit to avoid confusion 487 on user-defined sessions that implement __len__ or __bool__. Thanks go 488 to Lars-Dominik Braun for contributing this improvement! 489 490Release 2.0.1 (2 Nov 2019) 491-------------------------- 492 493* Some API changes which should have been included in the 2.0.0 release 494 were missed. This release corrects that, but means that additional 495 changes may be needed in applications moving to 2.0.1. 
This should 496 hopefully be the last of such changes, but if any other issues are 497 discovered, additional changes will be limited to 2.0.x patch releases 498 and the API will stabilize again in the AsyncSSH 2.1 release. See the 499 next bullet for details about the additional incompatible change. 500 501* To be consistent with other connect and listen functions, all methods 502 on SSHClientConnection which previously returned None on listen 503 failures have been changed to raise an exception instead. A new 504 ChannelListenError exception will now be raised when an SSH server 505 returns failure on a request to open a remote listener. This change 506 affects the following SSHClientConnection methods: create_server, 507 create_unix_server, start_server, start_unix_server, 508 forward_remote_port, and forward_remote_path. 509 510* Restored the ability for SSHListener objects to be used as async 511 context managers. This previously worked in AsyncSSH 1.x and was 512 unintentionally broken in AsyncSSH 2.0.0. 513 514* Added support for a number of additional functions to be called from 515 within an "async with" statement. These functions already returned 516 objects capable of being async context managers, but were not decorated 517 to allow them to be directly called from within "async with". This 518 change applies to the top level functions create_server, listen, and 519 listen_reverse and the SSHClientConnection methods create_server, 520 create_unix_server, start_server, start_unix_server, forward_local_port, 521 forward_local_path, forward_remote_port, forward_remote_path, 522 listen_ssh, and listen_reverse_ssh, 523 524* Fixed a couple of issues in loading OpenSSH-format certificates which 525 were missing a trailing newline. 526 527* Changed load_certificates() to allow multiple certificates to be loaded 528 from a single byte string argument, making it more consistent with 529 how load_certificates() works when reading from a file. 
530 531Release 2.0.0 (26 Oct 2019) 532--------------------------- 533 534* NEW MAJOR VERSION: See below for potentially incompatible changes. 535 536* Updated AsyncSSH to use the modern async/await syntax internally, 537 now requiring Python 3.6 or later. Those wishing to use AsyncSSH on 538 Python 3.4 or 3.5 should stick to the AsyncSSH 1.x releases. 539 540* Changed first argument of SFTPServer constructor from an 541 SSHServerConnection (conn) to an SSHServerChannel (chan) to allow 542 custom SFTP server implementations to access environment variables 543 set on the channel that SFTP is run over. Applications which subclass 544 the SFTPServer class and implement an __init__ method will need to be 545 updated to account for this change and pass the new argument through 546 to the SFTPServer parent class. If the subclass has no __init__ and 547 just uses the connection, channel, and env properties of SFTPServer 548 to access this information, no changes should be required. 549 550* Removed deprecated "session_encoding" and "session_errors" arguments 551 from create_server() and listen() functions. These arguments were 552 renamed to "encoding" and "errors" back in version 1.16.0 to be 553 consistent with other AsyncSSH APIs. 554 555* Removed get_environment(), get_command(), and get_subsystem() methods 556 on SSHServerProcess class. This information was made available as 557 "env", "command", and "subsystem" properties of SSHServerProcess in 558 AsyncSSH 1.11.0. 559 560* Removed optional loop argument from all public AsyncSSH APIs, 561 consistent with the deprecation of this argument in the asyncio 562 package in Python 3.8. Calls will now always use the event loop 563 which is active at the time of the call. 564 565* Removed support for non-async context managers on AsyncSSH connections 566 and processes and SFTP client connections and file objects. Callers 567 should use "async with" to invoke the async the context managers on 568 these objects. 
569 570* Added support for SSHAgentClient being an async context manager. To 571 be consistent with other connect calls, connect_agent() will now 572 raise an exception when no agent is found or a connection failure 573 occurs, rather than logging a warning and returning None. Callers 574 should catch OSError or ChannelOpenError exceptions rather than 575 looking for a return value of None when calling this function. 576 577* Added set_input() and clear_input() methods on SSHLineEditorChannel 578 to change the value of the current input line when line editing is 579 enabled. 580 581* Added is_closing() method to the SSHChannel, SSHProcess, SSHWriter, 582 and SSHSubprocessTransport classes. mirroring the asyncio 583 BaseTransport and StreamWriter methods added in Python 3.7. 584 585* Added wait_closed() async method to the SSHWriter class, mirroring 586 the asyncio StreamWriter method added in Python 3.7. 587 588Release 1.18.0 (23 Aug 2019) 589---------------------------- 590 591* Added support for GSSAPI ECDH and Edwards DH key exchange algorithms. 592 593* Fixed gssapi-with-mic authentication to work with GSS key exchanges, 594 in cases where gssapi-keyex is not supported. 595 596* Made connect_ssh and connect_reverse_ssh methods into async context 597 managers, simplifying the syntax needed to use them to create tunneled 598 SSH connections. 599 600* Fixed a couple of issues with known hosts matching on tunneled SSH 601 connections. 602 603* Improved flexibility of key/certificate parser automatic format 604 detection to properly recognize PEM even when other arbitrary text 605 is present at the beginning of the file. With this change, the 606 parser can also now handle mixing of multiple key formats in a 607 single file. 608 609* Added support for OpenSSL "TRUSTED" PEM certificates. 
For now, no 610 enforcement is done of the additional trust restrictions, but such 611 certificates can be loaded and used by AsyncSSH without converting 612 them back to regular PEM format. 613 614* Fixed some additional SFTP and SCP issues related to parsing of 615 Windows paths with drive letters and paths with multiple colons. 616 617* Made AsyncSSH tolerant of a client which sends multiple service 618 requests for the "ssh-userauth" service. This is needed by the 619 Paramiko client when it tries more than one form of authentication 620 on a connection. 621 622Release 1.17.1 (23 Jul 2019) 623---------------------------- 624 625* Improved construction of file paths in SFTP to better handle native 626 Windows source paths containing backslashes or drive letters. 627 628* Improved SFTP parallel I/O for large reads and file copies to better 629 handle the case where a read returns less data than what was requested 630 when not at the end of the file, allowing AsyncSSH to get back the 631 right result even if the requested block size is larger than the 632 SFTP server can handle. 633 634* Fixed an issue where the requested SFTP block_size wasn't used in the 635 get, copy, mget, and mcopy functions if it was larger than the 636 default size of 16 KB. 637 638* Fixed a problem where the list of client keys provided in an 639 SSHClientConnectionOptions object wasn't always preserved properly 640 across the opening of multiple SSH connections. 641 642* Changed SSH agent client code to avoid printing a warning on Windows 643 when unable to connect to the SSH agent using the default path. A 644 warning will be printed if the agent_path or SSH_AUTH_SOCK is 645 explicitly set, but AsyncSSH will remain quiet if no agent path is 646 set and no SSH agent is running. 647 648* Made AsyncSSH tolerant of unexpected authentication success/failure 649 messages sent after authentication completes. 
AsyncSSH previously 650 treated this as a protocol error and dropped the connection, while 651 most other SSH implementations ignored these messages and allowed 652 the connection to continue. 653 654* Made AsyncSSH tolerant of SFTP status responses which are missing 655 error message and language tag fields, improving interoperability 656 with servers that omit these fields. When missing, AsyncSSH treats 657 these fields as if they were set to empty strings. 658 659Release 1.17.0 (31 May 2019) 660---------------------------- 661 662* Added support for "reverse direction" SSH connections, useful to 663 support applications like NETCONF Call Home, described in RFC 8071. 664 665* Added support for the PyCA implementation of Chacha20-Poly1305, 666 eliminating the dependency on libnacl/libsodium to provide this 667 functionality, as long as OpenSSL 1.1.1b or later is installed. 668 669* Restored libnacl support for Curve25519/Ed25519 on systems which 670 have an older version of OpenSSL that doesn't have that support. 671 This fallback also applies to Chacha20-Poly1305. 672 673* Fixed Pageant support on Windows to use the Pageant agent by default 674 when it is available and client keys are not explicitly configured. 675 676* Disabled the use of RSA SHA-2 signatures when using the Pageant 677 or Windows 10 OpenSSH agent on Windows, since neither of those 678 support the signature flags options to request them. 679 680* Fixed a regression where a callable was no longer usable in the 681 sftp_factory argument of create_server. 682 683Release 1.16.1 (30 Mar 2019) 684---------------------------- 685 686* Added channel, connection, and env properties to SFTPServer instances, 687 so connection and channel information can be used to influence the 688 SFTP server's behavior. Previously, connection information was made 689 avaiable through the constructor, but channel and environment 690 information was not. 
  Now, all of these are available as properties
  on the SFTPServer instance without the need to explicitly store anything
  in a custom constructor.

* Optimized SFTP glob matching when the glob pattern contains directory
  names without glob characters in them. Thanks go to Mikhail Terekhov
  for contributing this improvement!

* Added support for PurePath in a few places that were missed when this
  support was originally added. Once again, thanks go to Mikhail Terekhov
  for these fixes.

* Fixed bug in SFTP parallel I/O file reader where it sometimes returned
  EOF prematurely. Thanks go to David G for reporting this problem and
  providing a reproducible test case.

* Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof
  for reporting this issue and providing a test environment to help debug
  it.

* Updated Ed25519/448 and Curve25519/448 tests to only run when these
  algorithms are available. Thanks go to Ondřej Súkup for reporting
  this issue and providing a suggested fix.

Release 1.16.0 (2 Mar 2019)
---------------------------

* Added support for Ed448 host/client keys and certificates and
  rewrote Ed25519 support to use the PyCA implementation, reducing
  the dependency on libnacl and libsodium to only be needed to
  support the chacha20-poly1305 cipher.

* Added support for PKCS#8 format Ed25519 and Ed448 private and
  public keys (in addition to the OpenSSH format previously
  supported).

* Added support for multiple delimiters in SSHReader's readuntil()
  function, causing it to return data as soon as any of the
  specified delimiters are matched.

* Added the ability to register custom key handlers in the line
  editor which can modify the input line, extending the built-in
  editing functionality.

* Added SSHSubprocessProtocol and SSHSubprocessTransport classes
  to provide compatibility with asyncio.SubprocessProtocol and
  asyncio.SubprocessTransport. Code which is designed to call
  BaseEventLoop.subprocess_shell() or BaseEventLoop.subprocess_exec()
  can be easily adapted to work against a remote process by calling
  SSHClientConnection.create_subprocess().

* Added support for sending keepalive messages when the SSH
  connection is idle, with an option to automatically disconnect
  the connection if the remote system doesn't respond to these
  keepalives.

* Changed AsyncSSH to ignore errors when loading unsupported key
  types from the default file locations.

* Changed the reuse_port option to only be available on Python
  releases which support it (3.4.4 and later).

* Fixed an issue where MSG_IGNORE packets could sometimes be sent
  between MSG_NEWKEYS and MSG_EXT_INFO, which caused some SSH
  implementations to fail to properly parse the MSG_EXT_INFO.

* Fixed a couple of errors in the handling of disconnects occurring
  prior to authentication completing.

* Renamed "session_encoding" and "session_errors" arguments in
  asyncssh.create_server() to "encoding" and "errors", to match
  the names used for these arguments in other AsyncSSH APIs. The
  old names are still supported for now, but they are marked as
  deprecated and will be removed in a future release.

Release 1.15.1 (21 Jan 2019)
----------------------------

* Added callback-based host validation in SSHClient, allowing callers
  to decide programmatically whether to trust server host keys and
  certificates rather than having to provide a list of trusted values
  in advance.

* Changed SSH client code to only load the default known hosts file if
  it exists. Previously an error was returned if a known_hosts value
  wasn't specified and the default known_hosts file didn't exist.
  For
  host validation to work in this case, verification callbacks must be
  implemented or other forms of validation such as X.509 trusted CAs
  or GSS-based key exchange must be used.

* Fixed known hosts validation to completely disable certificate checks
  when known_hosts is set to None. Previously, key checking was disabled
  in this case but other checks for certificate expiration and hostname
  mismatch were still performed, causing connections to fail even when
  checking was supposed to be disabled.

* Switched curve25519 key exchange to use the PyCA implementation,
  avoiding a dependency on libnacl/libsodium. For now, support for
  Ed25519 keys still requires these libraries.

* Added get_fingerprint() method to return a fingerprint of an SSHKey.

Release 1.15.0 (26 Nov 2018)
----------------------------

* Added the ability to pass keyword arguments provided in the scp()
  command through to asyncssh.connect() calls it makes, allowing
  things like custom credentials to be specified.

* Added support for a reuse_port argument in create_server(). If
  set, this will be passed to the asyncio loop.create_server() call
  which creates listening sockets.

* Added support for "soft" EOF when line editing is enabled so that
  EOF can be signalled multiple times on a channel. When Ctrl-D is
  received on a channel with line editing enabled, EOF is returned
  to the application but the channel remains open and capable of
  accepting more input, allowing an interactive shell to process
  the EOF for one command but still accept input for subsequent
  commands.

* Added support for the Windows 10 OpenSSH ssh-agent. Thanks go to
  SamP20 for providing an initial proof of concept and a suggested
  implementation.

* Reworked scoped link-local IPv6 address normalization to work
  better on Linux systems.

* Fixed a problem preserving directory structure in recursive scp().

* Fixed SFTP chmod tests to avoid attempting to set the sticky bit on
  a plain file, as this caused test failures on FreeBSD.

* Updated note in SSHClientChannel's send_signal() documentation to
  reflect that OpenSSH 7.9 and later should now support processing
  of signal messages.

Release 1.14.0 (8 Sep 2018)
---------------------------

* Changed license from EPL 1.0 to EPL 2.0 with GPL 2.0 or later as an
  available secondary license.

* Added support for automatically parallelizing large reads and writes
  made using the SFTPClientFile class, similar to what was already
  available in the get/put/copy methods of SFTPClient.

* Added support for get_extra_info() in SSH process classes, returning
  information associated with the channel the process is tied to.

* Added new set_extra_info() method on SSH connection and channel
  classes, allowing applications to store additional information on
  these objects.

* Added handlers for OpenSSH keepalive global & channel requests to
  avoid messages about unknown requests in the debug log. These requests
  are still logged, but at debug level 2 instead of 1 and they are not
  labeled as unknown.

* Fixed race condition when closing sockets associated with forwarded
  connections.

* Improved error handling during connection close in SFTPClient.

* Worked around issues with integer overflow on systems with a
  32-bit time_t value when dates beyond 2038 are used in X.509
  certificates.

* Added guards around some imports and tests which were causing
  problems on Fedora 27.

* Changed debug level for reporting PTY modes from 1 to 2 to reduce
  noise in the logs.

* Improved SFTP debug log output when sending EOF responses.

Release 1.13.3 (23 Jul 2018)
----------------------------

* Added support for setting the Unicode error handling strategy in
  conjunction with setting an encoding when creating new SSH sessions,
  streams, and processes. This strategy can also be set when specifying
  a session encoding in create_server(), and when providing an encoding
  in the get_comment() and set_comment() functions on private/public
  keys and certificates.

* Changed handling of Unicode in channels to use incremental codec,
  similar to what was previously done in process redirection.

* Added Python 3.7 to the list of classifiers in setup.py, now that it
  has been released.

* Updated Travis CI configuration to add Python 3.7 builds, and moved
  Linux builds on newer versions of Python up to xenial.

* Added missing coroutine decorator in test_channel.

Release 1.13.2 (3 Jul 2018)
---------------------------

* Added support for accessing client host keys via the OpenSSH
  ssh-keysign program when doing host-based authentication. If
  ssh-keysign is present and enabled on the system, an AsyncSSH
  based SSH client can use host-based authentication without
  access to the host private keys.

* Added support for using pathlib path objects when reading and
  writing private and public keys and certificates.

* Added support for auth_completed() callback in the SSHServer
  class which runs when authentication completes successfully
  on each new connection.

* Fixed host-based authentication unit tests to mock out calls
  to getnameinfo() to avoid failures on systems with restricted
  network functionality.

Release 1.13.1 (16 Jun 2018)
----------------------------

* Added client and server support for host-based SSH authentication.
  If enabled, this will allow all users from a given host to be
  authenticated by a shared host key, rather than each user needing
  their own key. This should only be used with hosts which are trusted
  to keep their host keys secure and provide accurate client usernames.

* Added support for RSA key exchange algorithms (rsa2048-sha256 and
  rsa1024-sha1) available in PuTTY and some mobile SSH clients.

* Added support for the SECP256K1 elliptic curve for ECDSA keys and
  ECDH key exchange. This curve is supported by the Bitvise SSH client
  and server.

* Added debug logging of the algorithms listed in a received kexinit
  message.

Release 1.13.0 (20 May 2018)
----------------------------

* Added support for dynamic port forwarding via SOCKS, where AsyncSSH
  will open a listener which understands SOCKS connect requests and
  for each request open a TCP/IP tunnel over SSH to the requested host
  and port.

* Added support in SSHProcess for I/O redirection to file objects that
  implement read(), write(), and close() functions as coroutines, such
  as the "aiofiles" package. In such cases, AsyncSSH will automatically
  detect that it needs to make async calls to these methods when it
  performs I/O.

* Added support for using pathlib objects in SSHProcess I/O redirection.

* Added multiple improvements to pattern matching support in the SFTPClient
  glob(), mget(), mput(), and mcopy() methods. AsyncSSH now allows you
  to use '**' in a pattern to do a recursive directory search, allows
  character ranges in square brackets in a pattern, and allows a trailing
  slash in a pattern to be specified to request that only directories
  matching the pattern should be returned.

* Fixed an issue with calling readline() and readuntil() with a timeout,
  where partial data received before the timeout was sometimes discarded.
  Any partial data which was received when a timeout occurs will now be
  left in the input buffer, so it is still available to future read()
  calls.

* Fixed a race condition where trying to restart a read() after a timeout
  could sometimes raise an exception about multiple simultaneous reads.

* Changed readuntil() in SSHReader to raise IncompleteReadError if the
  receive window fills up before a delimiter match is found. This also
  applies to readline(), which will return a partial line without a
  newline at the end when this occurs. To support longer lines, a caller
  can call readuntil() or readline() as many times as they'd like,
  appending the data returned to the previous partial data until a
  delimiter is found or some maximum size is exceeded. Since the default
  window size is 2 MBytes, though, it's very unlikely this will be needed
  in most applications.

* Reworked the crypto support in AsyncSSH to separate packet encryption
  and decryption into its own module and simplified the directory
  structure of the asyncssh.crypto package, eliminating a pyca subdirectory
  that was created back when AsyncSSH used a mix of PyCA and PyCrypto.

Release 1.12.2 (17 Apr 2018)
----------------------------

* Added support for using pathlib objects as paths in calls to SFTP
  methods, in addition to Unicode and byte strings. This is mainly
  intended for use in constructing local paths, but it can also be
  used for remote paths as long as POSIX-style pathlib objects are
  used and an appropriate path encoding is set to handle the
  conversion from Unicode to bytes.

* Changed server EXT_INFO message to only be sent after the first SSH key
  exchange, to match the specification recently published in RFC 8308.

* Fixed edge case in TCP connection forwarding where data received
  on a forward TCP connection was not delivered if the connection was
  closed or half-closed before the corresponding SSH tunnel was fully
  established.

* Made note about OpenSSH not properly handling send_signal more visible.

Release 1.12.1 (10 Mar 2018)
----------------------------

* Implemented a fix for CVE-2018-7749, where a modified SSH client could
  request that an AsyncSSH server perform operations before authentication
  had completed. Thanks go to Matthijs Kooijman for discovering and
  reporting this issue and helping to review the fix.

* Added a non-blocking collect_output() method to SSHClientProcess to
  allow applications to retrieve data received on an output stream
  without blocking. This call can be called multiple times and freely
  intermixed with regular read calls with a guarantee that output will
  always be returned in order and without duplication.

* Updated debug logging implementation to make it more maintainable, and
  to fix an issue where unprocessed packets were not logged in some cases.

* Extended the support below for non-ASCII characters in comments to apply
  to X.509 certificates, allowing an optional encoding to be passed in to
  get_comment() and set_comment() and a get_comment_bytes() function to
  get the raw comment bytes without performing Unicode decoding.

* Fixed an issue where a UnicodeDecodeError could be reported in some
  cases instead of a KeyEncryptionError when a private key was imported
  using the wrong passphrase.

* Fixed the reporting of the MAC algorithm selected during key exchange to
  properly report the cipher name for GCM and Chacha ciphers that don't
  use a separate MAC algorithm.
  The correct value was being returned in
  queries after the key exchange was complete, but the logging was being
  done before this adjustment was made.

* Fixed the documentation of connection_made() in SSHSession subclasses
  to properly reflect the type of SSHChannel objects passed to them.

Release 1.12.0 (5 Feb 2018)
---------------------------

* Enhanced AsyncSSH logging framework to provide detailed logging of
  events in the connection, channel, key exchange, authentication,
  sftp, and scp modules. Both high-level information logs and more
  detailed debug logs are available, and debug logging supports
  multiple debug levels with different amounts of verboseness.
  Logger objects are also available on various AsyncSSH classes to
  allow applications to report their own log events in a manner that
  can be tied back to a specific SSH connection or channel.

* Added support for begin_auth() to be a coroutine, so asynchronous
  operations can be performed within it to load state needed to
  perform SSH authentication.

* Adjusted key usage flags set on generated X.509 certificates to be more
  RFC compliant and work around an issue with OpenSSL validation of
  self-signed non-CA certificates.

* Updated key and certificate comment handling to be less sensitive to
  the encoding of non-ASCII characters. The get_comment() and set_comment()
  functions now take an optional encoding parameter, defaulting to UTF-8
  but allowing for other encodings. There's also a get_comment_bytes()
  function to get the comment data as bytes without performing Unicode
  decoding.

* Updated AsyncSSH to be compatible with beta release of Python 3.7.

* Updated code to address warnings reported by the latest version of pylint.

* Cleaned up various formatting issues in Sphinx documentation.

* Significantly reduced time it takes to run unit tests by decreasing
  the rounds of bcrypt encryption used when unit testing encrypted
  OpenSSH private keys.

* Added support for testing against uvloop in Travis CI.

Release 1.11.1 (15 Nov 2017)
----------------------------

* Switched to using PBKDF2 implementation provided by PyCA, replacing a
  much slower pure-Python implementation used in earlier releases.

* Improved support for file-like objects in process I/O redirection,
  properly handling objects which don't support fileno() and allowing
  both text and binary file objects based on whether they have an
  'encoding' member.

* Changed PEM parser to be forgiving of trailing blank lines.

* Updated documentation to note lack of support in OpenSSH for send_signal(),
  terminate(), and kill() channel requests.

* Updated unit tests to work better with OpenSSH 7.6.

* Updated Travis CI config to test with more recent Python versions.

Release 1.11.0 (9 Sep 2017)
---------------------------

* Added support for X.509 certificate based client and server authentication,
  as defined in RFC 6187.

  * DSA, RSA, and ECDSA keys are supported.
  * New methods are available on SSHKey private keys to generate X.509
    user, host, and CA certificates.
  * Authorized key and known host support has been enhanced to support
    matching on X.509 certificates and X.509 subject names.
  * New arguments have been added to create_connection() and create_server()
    to specify X.509 trusted root CAs, X.509 trusted root CA hash directories,
    and allowed X.509 certificate purposes.
  * A new load_certificates() function has been added to more easily pre-load
    a list of certificates from byte strings or files.
  * Support for including and validating OCSP responses is not yet available,
    but may be added in a future release.
  * This support adds a new optional dependency on pyOpenSSL in setup.py.

* Added command, subsystem, and environment properties to SSHProcess,
  SSHCompletedProcess, and ProcessError classes, as well as stdout and
  stderr properties in ProcessError which mirror what is already present
  in SSHCompletedProcess. Thanks go to iforapsy for suggesting this.

* Worked around a datetime.max bug on Windows.

* Increased the build timeout on TravisCI to avoid build failures.

Release 1.10.1 (19 May 2017)
----------------------------

* Fixed SCP to properly call exit() on SFTPServer when the copy completes.
  Thanks go to Arthur Darcet for discovering this and providing a
  suggested fix.

* Added support for passphrase to be specified when loading default client
  keys, and to ignore encrypted default keys if no passphrase is specified.

* Added additional known hosts test cases. Thanks go to Rafael Viotti
  for providing these.

* Increased the default number of rounds for OpenSSH-compatible bcrypt
  private key encryption to avoid a warning in the latest version of the
  bcrypt module, and added a note that the encryption strength scales
  linearly with the rounds value, not logarithmically.

* Fixed SCP unit test errors on Windows.

* Fixed some issues with Travis and Appveyor CI builds.

Release 1.10.0 (5 May 2017)
---------------------------

* Added SCP client and server support. The new asyncssh.scp() function
  can get and put files on a remote SCP server and copy files between
  two or more remote SCP servers, with options similar to what was
  previously supported for SFTP.
  On the server side, an SFTPServer used
  to serve files over SFTP can also serve files over SCP by simply
  setting allow_scp to True in the call to create_server().

* Added a new SSHServerProcess class which supports I/O redirection on
  inbound connections to an SSH server, mirroring the SSHClientProcess
  class added previously for outbound SSH client connections.

* Enabled TCP keepalive on SSH client and server connections.

* Enabled Python 3 highlighting in Sphinx documentation.

* Fixed a bug where a previously loaded SSHKnownHosts object wasn't
  properly accepted as a known_hosts value in create_connection() and
  enhanced known_hosts to accept a callable to allow applications to
  provide their own function to return trusted host keys.

* Fixed a bug where an exception was raised if the connection closed
  while waiting for an asynchronous authentication callback to complete.

* Fixed a bug where empty passwords weren't being properly supported.

Release 1.9.0 (18 Feb 2017)
---------------------------

* Added support for GSSAPI key exchange and authentication when the
  "gssapi" module is installed on UNIX or the "sspi" module from pypiwin32
  is installed on Windows.

* Added support for additional Diffie Hellman groups, and added the ability
  for Diffie Hellman and GSS group exchange to select larger group sizes.

* Added overridable methods format_user() and format_group() to format user
  and group names in the SFTP server, defaulting to the previous behavior of
  using pwd.getpwuid() and grp.getgrgid() on platforms that support those.

* Added an optional progress reporting callback on SFTP file transfers,
  and made the block size for these transfers configurable.

* Added append_private_key(), append_public_key(), and append_certificate()
  methods on the corresponding key and certificate classes to simplify
  the creation of files containing a list of keys/certificates.

* Updated readdir to break responses into chunks to avoid hitting maximum
  message size limits on large directories.

* Updated SFTP to work better on Windows, properly handling drive letters
  and conversion between forward and back slashes in paths and handling
  setting of attributes on open files and proper support for POSIX rename.
  Also, file closes now block until the close completes, to avoid issues
  with file locking.

* Updated the unit tests to run on Windows, and enabled continuous
  integration builds for Windows to automatically run on Appveyor.

Release 1.8.1 (29 Dec 2016)
---------------------------

* Fix an issue in attempting to load the 'nettle' library on Windows.

Release 1.8.0 (29 Dec 2016)
---------------------------

* Added support for forwarding X11 connections. When requested, AsyncSSH
  clients will allow remote X11 applications to tunnel data back to a local
  X server and AsyncSSH servers can request an X11 DISPLAY value to export
  to X11 applications they launch which will tunnel data back to an X
  server associated with the client.

* Improved ssh-agent forwarding support on UNIX to allow AsyncSSH
  servers to request an SSH_AUTH_SOCK value to export to applications
  they launch in order to access the client's ssh-agent. Previously,
  there was support for agent forwarding on server connections within
  AsyncSSH itself, but they did not provide this forwarding to other
  applications.

* Added support for PuTTY's Pageant agent on Windows systems, providing
  functionality similar to the OpenSSH agent on UNIX.
  AsyncSSH client
  connections from Windows can now access keys stored in the Pageant
  agent when they perform public key authentication.

* Added support for the umac-64 and umac-128 MAC algorithms, compatible
  with the implementation in OpenSSH. These algorithms are preferred
  over the HMAC algorithms when both are available and the cipher chosen
  doesn't already include a MAC.

* Added curve25519-sha256 as a supported key exchange algorithm. This
  algorithm is identical to the previously supported algorithm named
  'curve25519-sha256\@libssh.org', matching what was done in OpenSSH 7.3.
  Either name may now be used to request this type of key exchange.

* Changed the default order of key exchange algorithms to prefer the
  curve25519-sha256 algorithm over the ecdh-sha2-nistp algorithms.

* Added support for a readuntil() function in SSHReader, modeled after
  the readuntil() function in asyncio.StreamReader added in Python 3.5.2.
  Thanks go to wwjiang for suggesting this and providing an example
  implementation.

* Fixed issues where the explicitly provided event loop value was not
  being passed through to all of the places which needed it. Thanks go
  to Vladimir Rutsky for pointing out this problem and providing some
  initial fixes.

* Improved error handling when port forwarding is requested for a port
  number outside of the range 0-65535.

* Disabled use of IPv6 in unit tests when opening local loopback sockets
  to avoid issues with incomplete IPv6 support in TravisCI.

* Changed the unit tests to always start with a known set of environment
  variables rather than inheriting the environment from the shell
  running the tests. This was leading to test breakage in some cases.

Release 1.7.3 (22 Nov 2016)
---------------------------

* Updated unit tests to run properly in environments where OpenSSH
  and OpenSSL are not installed.

* Updated a process unit test to not depend on the system's default
  file encoding being UTF-8.

* Updated Mac TravisCI builds to use Xcode 8.1.

* Cleaned up some wording in the documentation.

Release 1.7.2 (28 Oct 2016)
---------------------------

* Fixed an issue with preserving file access times in SFTP, and updated
  the unit tests to more accurately detect this kind of failure.

* Fixed some markup errors in the documentation.

* Fixed a small error in the change log for release 1.7.0 regarding
  the newly added Diffie Hellman key exchange algorithms.

Release 1.7.1 (7 Oct 2016)
--------------------------

* Fix an error that prevented the docs from building.

Release 1.7.0 (7 Oct 2016)
--------------------------

* Added support for group 14, 16, and 18 Diffie Hellman key exchange
  algorithms which use SHA-256 and SHA-512.

* Added support for using SHA-256 and SHA-512 based signature algorithms
  for RSA keys and support for OpenSSH extension negotiation to advertise
  these signature algorithms.

* Added new load_keypairs and load_public_keys API functions which
  support explicitly loading keys using the same syntax that was
  previously available for specifying client_keys, authorized_client_keys,
  and server_host_keys arguments when creating SSH clients and servers.

* Enhanced the SSH agent client to support adding and removing keys
  and certificates (including support for constraints) and locking and
  unlocking the agent. Support has also been added for adding and
  removing smart card keys in the agent.

* Added support for getting and setting a comment value when generating
  keys and certificates, and decoding and encoding this comment when
  importing and exporting keys that support it. Currently, this is
  available for OpenSSH format private keys and OpenSSH and RFC 4716
  format public keys. These comment values are also passed on to the
  SSH agent when keys are added to it.

* Fixed a bug in the generation of ECDSA certificates that showed up
  when trying to use the nistp384 or nistp521 curves.

* Updated unit tests to use the new key and certificate generation
  functions, eliminating the dependency on the ssh-keygen program.

* Updated unit tests to use the new SSH agent support when adding keys
  to the SSH agent, eliminating the dependency on the ssh-add program.

* Incorporated a fix from Vincent Bernat for an issue with launching
  ssh-agent on some systems during unit testing.

* Fixed some typos in the documentation found by Jakub Wilk.

Release 1.6.2 (4 Sep 2016)
--------------------------

* Added generate_user_certificate() and generate_host_certificate() methods
  to SSHKey class to generate SSH certificates, and export_certificate()
  and write_certificate() methods on SSHCertificate class to export
  certificates for use in other tools.

* Improved editor unit tests to eliminate timing dependency.

* Cleaned up a few minor documentation issues.

Release 1.6.1 (27 Aug 2016)
---------------------------

* Added generate_private_key() function to create new DSA, RSA, ECDSA, or
  Ed25519 private keys which can be used as SSH user and host keys.

* Removed an unintended dependency in the SSHLineEditor on session objects
  keeping a private member which referenced the corresponding channel.

* Fixed a race condition in SFTP unit tests.

* Updated dependencies to require version 1.5 of the cryptography module
  and started to take advantage of the new one-shot sign and verify
  APIs it now supports.

* Clarified the documentation of the default return value of eof_received().

* Added new multi-user client and server examples, showing a single
  process opening multiple SSH connections in parallel.

* Updated development status and Python versions listed in setup.py.

Release 1.6.0 (13 Aug 2016)
---------------------------

* Added new create_process() and run() APIs modeled after the "subprocess"
  module to simplify redirection of stdin, stdout, and stderr and
  collection of output from remote SSH processes.

* Added input line editing and echoing capabilities to better support
  interactive SSH server applications. AsyncSSH server sessions will now
  automatically perform input echoing and provide basic line editing
  capabilities to clients which request a pseudo-terminal, avoiding the
  need for applications to provide this functionality.

* Added the ability to use SSHReader objects as async iterators in
  Python 3.5, returning input a line at a time.

* Added support for the IUTF8 terminal mode now recognized by OpenSSH 7.3.

* Fixed a bug where an SSHReader read() call could return an empty string
  when it followed a call to readline() instead of blocking until more
  input was available.

* Updated AsyncSSH to use the bcrypt package from PyCA, now that it
  has support for the kdf function.

* Updated the documentation and examples to show how to take advantage
  of the new features listed here.

Release 1.5.6 (18 Jun 2016)
---------------------------

* Added support for Python 3.5 asynchronous context managers in
  SSHConnection, SFTPClient, and SFTPFile, while still maintaining
  backward compatibility with older Python 3.4 syntax.

* Updated bcrypt check in test code to only test features that depend
  on it when the right version is available.

* Switched testing over to using tox to better support testing on
  multiple versions of Python.

* Added tests of new Python 3.5 async syntax.

* Expanded Travis CI coverage to test both Python 3.4 and 3.5 on MacOS.

* Updated documentation and examples to use Python 3.5 syntax.

Release 1.5.5 (11 Jun 2016)
---------------------------

* Updated public_key module to make sure the right version of bcrypt is
  installed before attempting to use it.

* Updated forward and sftp module unit tests to work better on Linux.

* Changed README links to point at new readthedocs.io domain.

Release 1.5.4 (6 Jun 2016)
--------------------------

* Added support for setting custom SSH client and server version strings.

* Added unit tests for the sftp module, bringing AsyncSSH up to 100%
  code coverage under test on all modules.

* Added new wait_closed() method in SFTPClient class to wait for an
  SFTP client session to be fully closed.

* Fixed an issue with error handling in new parallel SFTP file copy code.

* Fixed some other minor issues in SFTP found during unit tests.

* Fixed some minor documentation issues.

Release 1.5.3 (2 Apr 2016)
--------------------------

* Added support for opening tunneled SSH connections, where an SSH
  connection is opened over another SSH connection's direct TCP/IP
  channel.

* Improved performance of SFTP over high latency connections by having
  the internal copy method issue multiple read requests in parallel.

* Reworked SFTP to mark all coroutine functions explicitly, to provide
  better compatibility with the new Python 3.5 "await" syntax.

* Reworked create_connection() and create_server() functions to do
  argument checking immediately rather than in the SSHConnection
  constructors, improving error reporting and avoiding a bug in
  asyncio which can leak socket objects.

* Fixed a hang which could occur when attempting to close an SSH
  connection with a listener still active.

* Fixed an error related to passing keys in via public_key_auth_requested().

* Fixed a potential leak of an SSHAgentClient object when an error occurs
  while opening a client connection.

* Fixed some race conditions related to channel and connection closes.

* Fixed some minor documentation issues.

* Continued to expand unit test coverage, completing coverage of the
  connection module.

Release 1.5.2 (25 Feb 2016)
---------------------------

* Fixed a bug in UNIX domain socket forwarding introduced in 1.5.1 by the
  TCP_NODELAY change.

* Fixed channel code to report when a channel is closed with incomplete
  Unicode data in the receive buffer. This was previously reported
  correctly when EOF was received on a channel, but not when it was
  closed without sending EOF.

* Added unit tests for channel, forward, and stream modules, partial
  unit tests for the connection module, and a placeholder for unit
  tests for the sftp module.

Release 1.5.1 (23 Feb 2016)
---------------------------

* Added basic support for running AsyncSSH on Windows. Some functionality
  such as UNIX domain sockets will not work there, and the test suite will
  not run there yet, but basic functionality has been tested and seems
  to work. This includes features like bcrypt and support for newer
  ciphers provided by libnacl when these optional packages are installed.

* Greatly improved the performance of known_hosts matching on exact
  hostnames and addresses. Full wildcard pattern matching is still
  supported, but entries involving exact hostnames or addresses are
  now matched thousands of times faster.

* Split known_hosts parsing and matching into separate calls so that a
  known_hosts file can be parsed once and used to make connections to
  several different hosts. Thanks go to Josh Yudaken for suggesting
  this and providing a sample implementation.

* Updated AsyncSSH to allow SSH agent forwarding when it is requested
  even when local client keys are used to perform SSH authentication.

* Updated channel state machine to better handle close being received
  while the channel is paused for reading. Previously, some data would
  not be delivered in this case.

* Set TCP_NODELAY on sockets to avoid latency problems caused by TCP
  delayed ACK.

* Fixed a bug where exceptions were not always returned properly when
  attempting to drain writes on a stream.

* Fixed a bug which could leak a socket object after an error opening
  a local TCP listening socket.

* Fixed a number of race conditions uncovered during unit testing.

Release 1.5.0 (27 Jan 2016)
---------------------------

* Added support for OpenSSH-compatible direct and forwarded UNIX domain
  socket channels and local and remote UNIX domain socket forwarding.

* Added support for client and server side ssh-agent forwarding.

* Fixed the open_connection() method on SSHServerConnection to not include
  a handler_factory argument. This should only have been present on the
  start_server() method.

* Fixed wait_closed() on SSHForwardListener to work properly when a
  close is in progress at the time of the call.

Release 1.4.1 (23 Jan 2016)
---------------------------

* Fixed a bug in SFTP introduced in 1.4.0 related to handling of
  responses to non-blocking file closes.

* Updated code to avoid calling asyncio.async(), deprecated in
  Python 3.4.4.

* Updated unit tests to avoid errors on systems with an older version
  of OpenSSL installed.

Release 1.4.0 (17 Jan 2016)
---------------------------

* Added ssh-agent client support, automatically using it when SSH_AUTH_SOCK
  is set and client private keys aren't explicitly provided.

* Added new wait_closed() API on SSHConnection to allow applications to wait
  for a connection to be fully closed and updated examples to use it.

* Added a new login_timeout argument when creating an SSH server.

* Added a missing acknowledgement response when canceling port forwarding
  and fixed a few other issues related to cleaning up port forwarding
  listeners.

* Added handlers to improve the catching and reporting of exceptions that
  are raised in asynchronous tasks.

* Reworked channel state machine to perform clean up on a channel only
  after a close is both sent and received.

* Fixed SSHChannel to run the connection_lost() handler on the SSHSession
  before unblocking callers of wait_closed().

* Fixed wait_closed() on SSHListener to wait for the acknowledgement from
  the SSH server before returning.

* Fixed a race condition in port forwarding code.

* Fixed a bug related to sending a close on a channel which got a failure
  when being opened.

* Fixed a bug related to handling term_type being set without term_size.

* Fixed some issues related to the automatic conversion of client
  keyboard-interactive auth to password auth. With this change, automatic
  conversion will only occur if the application doesn't override the
  kbdint_challenge_received() method and it will only attempt to
  authenticate once with the password provided.

Release 1.3.2 (26 Nov 2015)
---------------------------

* Added server-side support for handling password changes during password
  authentication, and fixed a few other auth-related bugs.

* Added the ability to override the automatic support for keyboard-interactive
  authentication when password authentication is supported.

* Fixed a race condition in unblocking streams.

* Removed support for OpenSSH v00 certificates now that OpenSSH no longer
  supports them.

* Added unit tests for auth module.

Release 1.3.1 (6 Nov 2015)
--------------------------

* Updated AsyncSSH to depend on version 1.1 or later of PyCA and added
  support for using its new Elliptic Curve Diffie Hellman (ECDH)
  implementation, replacing the previous AsyncSSH native Python
  version.

* Added support for specifying a passphrase in the create_connection,
  create_server, connect, and listen functions to allow file names
  or byte strings containing encrypted client and server host keys
  to be specified in those calls.

* Fixed handling of cancellation in a few AsyncSSH calls, so it is
  now possible to make calls to things like stream read or drain which
  time out.

* Fixed a bug in keyboard-interactive fallback to password auth which
  was introduced when support was added for auth functions optionally
  being coroutines.

* Moved bcrypt check in encrypted key handling until it is needed so
  better errors can be returned if a passphrase is not specified or the
  key derivation function used in a key is unknown.

* Added unit tests for the auth_keys module.

* Updated unit tests to better handle bcrypt or libnacl not being
  installed.

Release 1.3.0 (10 Oct 2015)
---------------------------

* Updated AsyncSSH dependencies to make PyCA version 1.0.0 or later
  mandatory and remove the older PyCrypto support. This change also
  adds support for the PyCA implementation of ECDSA and removes support
  for RC2-based private key encryption that was only supported by
  PyCrypto.

* Refactored ECDH and Curve25519 key exchange code so they can share an
  implementation, and prepared the code for adding a PyCA shim for this
  as soon as support for that is released.

* Hardened the DSA and RSA implementations to do stricter checking of the
  key exchange response, and sped up the RSA implementation by taking
  advantage of optional RSA private key parameters when they are present.

* Added support for asynchronous client and server authentication,
  allowing auth-related callbacks in SSHClient and SSHServer to optionally
  be defined as coroutines.

* Added support for asynchronous SFTP server processing, allowing callbacks
  in SFTPServer to optionally be defined as coroutines.

* Added support for a broader set of open mode flags in the SFTP server.
  Note that this change is not completely backward compatible with previous
  releases. If you have application code which expects a Python mode
  string as an argument to SFTPServer open method, it will need to be
  changed to expect a pflags value instead.

* Fixed handling of eof_received() when it returns false to close the
  half-open connection but still allow sending or receiving of exit status
  and exit signals.

* Added unit tests for the asn1, cipher, compression, ec, kex, known_hosts,
  mac, and saslprep modules and expanded the set of pbe and public_key
  unit tests.

* Fixed a set of issues uncovered by ASN.1 unit tests:

  * Removed extra 0xff byte when encoding integers of the form -128*256^n
  * Fixed decoding error for OIDs beginning with 2.n where n >= 40
  * Fixed range check for second component of ObjectIdentifier
  * Added check for extraneous 0x80 bytes in ObjectIdentifier components
  * Added check for negative component values in ObjectIdentifier
  * Added error handling for ObjectIdentifier components being non-integer
  * Added handling for missing length byte after extended tag
  * Raised ASN1EncodeError instead of TypeError on unsupported types

* Added validation on asn1_class argument, and equality and hash methods
  to BitString, RawDERObject, and TaggedDERObject. Also, reordered
  RawDERObject arguments to be consistent with TaggedDERObject and added
  str method to ObjectIdentifier.

* Fixed a set of issues uncovered by additional pbe unit tests:

  * Encoding and decoding of PBES2-encrypted keys with a PRF other than
    SHA1 is now handled correctly.
  * Some exception messages were made more specific.
  * Additional checks were put in for empty salt or zero iteration count
    in encryption parameters.

* Fixed a set of issues uncovered by additional public key unit tests:

  * Properly handle PKCS#8 keys with invalid ASN.1 data
  * Properly handle PKCS#8 DSA & RSA keys with non-sequence for arg_params
  * Properly handle attempts to import empty string as a public key
  * Properly handle encrypted PEM keys with missing DEK-Info header
  * Report check byte mismatches for encrypted OpenSSH keys as bad passphrase
  * Return KeyImportError instead of KeyEncryptionError when passphrase
    is needed but not provided

* Added information about branches to CONTRIBUTING guide.

* Performed a bunch of code cleanup suggested by pylint.

Release 1.2.1 (26 Aug 2015)
---------------------------

* Fixed a problem with passing in client_keys=None to disable public
  key authentication in the SSH client.

* Updated Unicode handling to allow multi-byte Unicode characters to be
  split across successive SSH data messages.

* Added a note to the documentation for AsyncSSH create_connection()
  explaining how to perform the equivalent of a connect with a timeout.

Release 1.2.0 (6 Jun 2015)
--------------------------

* Fixed a problem with the SSHConnection context manager on Python versions
  older than 3.4.2.

* Updated the documentation for get_extra_info() in the SSHConnection,
  SSHChannel, SSHReader, and SSHWriter classes to contain pointers
  to get_extra_info() in their parent transports to make it easier to
  see all of the attributes which can be queried.

* Clarified the legal return values for the session_requested(),
  connection_requested(), and server_requested() methods in
  SSHServer.

* Eliminated calls to the deprecated importlib.find_loader() method.

* Made improvements to README suggested by Nicholas Chammas.

* Fixed a number of issues identified by pylint.
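
Several of the ASN.1 fixes listed under Release 1.3.0 above (the extra 0xff byte on integers of the form -128*256^n, OIDs beginning with 2.n where n >= 40, the second-component range check, extraneous 0x80 bytes, and negative or non-integer components) are classic DER codec edge cases. The following is an added Python illustration of strict handling for those cases; it is not AsyncSSH's asn1 module, and every name in it is hypothetical.

```python
"""Strict DER INTEGER / OBJECT IDENTIFIER handling (illustration only)."""


class DERError(ValueError):
    """Value cannot be encoded, or bytes are not valid DER."""


def _tlv(tag, content):
    """Prefix content with a tag and a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content


def _content(tag, data):
    """Return the content octets of one short-form TLV (enough for this demo)."""
    if len(data) < 2 or data[0] != tag:
        raise DERError("unexpected tag or missing length byte")
    if data[1] >= 0x80 or data[1] != len(data) - 2:
        raise DERError("length does not match content")
    return data[2:]


def naive_integer_content(value):
    """Contrast case: this byte count is one too many for -128 * 256**n."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True)


def encode_integer(value):
    """Encode an int as a minimal two's-complement DER INTEGER."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise DERError("INTEGER value must be an int")
    # A negative value v needs as many bits as v + 1 does, plus the sign bit.
    magnitude = value if value >= 0 else value + 1
    nbytes = magnitude.bit_length() // 8 + 1
    return _tlv(0x02, value.to_bytes(nbytes, "big", signed=True))


def decode_integer(data):
    """Decode a DER INTEGER, rejecting padded (non-minimal) encodings."""
    content = _content(0x02, data)
    if not content:
        raise DERError("INTEGER has no content")
    if len(content) > 1:
        pad, nxt = content[0], content[1]
        if (pad == 0x00 and nxt < 0x80) or (pad == 0xFF and nxt >= 0x80):
            raise DERError("non-minimal INTEGER")
    return int.from_bytes(content, "big", signed=True)


def _base128(n):
    """Big-endian base-128 with the high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def encode_oid(dotted):
    """Encode a dotted-decimal string as a DER OBJECT IDENTIFIER."""
    parts = dotted.split(".") if isinstance(dotted, str) else []
    if len(parts) < 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise DERError("OID needs two or more non-negative integer components")
    arcs = [int(p) for p in parts]
    # The second component is limited to 0..39 only under roots 0 and 1.
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise DERError("OID component out of range")
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    return _tlv(0x06, b"".join(_base128(s) for s in subids))


def decode_oid(data):
    """Decode a DER OBJECT IDENTIFIER into dotted-decimal form."""
    content = _content(0x06, data)
    if not content or content[-1] & 0x80:
        raise DERError("empty or truncated OID")
    subids, value, at_start = [], 0, True
    for byte in content:
        if at_start and byte == 0x80:
            raise DERError("extraneous 0x80 byte in OID component")
        value = (value << 7) | (byte & 0x7F)
        at_start = not byte & 0x80
        if at_start:
            subids.append(value)
            value = 0
    first = subids[0]
    # divmod(first, 40) is only valid below 80; above that the root is 2.
    arcs = list(divmod(first, 40)) if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])


if __name__ == "__main__":
    for v in (-128, -32768, 127, 128):
        print(v, naive_integer_content(v).hex(), encode_integer(v).hex())
    for oid in ("1.2.840.113549", "2.40", "2.999.3"):
        der = encode_oid(oid)
        print(oid, der.hex(), decode_oid(der))
```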

Release 1.1.1 (25 May 2015)
---------------------------

* Added new start_sftp_server method on SSHChannel to allow applications
  using the non-streams API to start an SFTP server.

* Enhanced the default format_longname() method in SFTPServer to properly
  handle the case where not all of the file attributes are returned by
  stat().

* Fixed a bug related to the new allow_pty parameter in create_server.

* Fixed a bug in the hashed known_hosts support introduced in some recent
  refactoring of the host pattern matching code.

Release 1.1.0 (22 May 2015)
---------------------------

* SFTP is now supported!

  * Both client and server support is available.
  * SFTP version 3 is supported, with OpenSSH extensions.
  * Recursive transfers and glob matching are supported in the client.
  * File I/O APIs allow files to be accessed without downloading them.

* New simplified connect and listen APIs have been added.

* SSHConnection can now be used as a context manager.

* New arguments to create_server now allow the specification of a
  session_factory and encoding or sftp_factory as well as controls
  over whether a pty is allowed and the window and max packet size,
  avoiding the need to create custom SSHServer subclasses or custom
  SSHServerChannel instances.

* New examples have been added for SFTP and to show the use of the new
  connect and listen APIs.

* Copyrights in changed files have all been updated to 2015.

Release 1.0.1 (13 Apr 2015)
---------------------------

* Fixed a bug in OpenSSH private key encryption introduced in some
  recent cipher refactoring.

* Added bcrypt and libnacl as optional dependencies in setup.py.

* Changed test_keys test to work properly when bcrypt or libnacl aren't
  installed.

Release 1.0.0 (11 Apr 2015)
---------------------------

* This release finishes adding a number of major features, finally making
  it worthy of being called a "1.0" release.

* Host and user certificates are now supported!

  * Enforcement is done on principals in certificates.
  * Enforcement is done on force-command and source-address critical options.
  * Enforcement is done on permit-pty and permit-port-forwarding extensions.

* OpenSSH-style known hosts files are now supported!

  * Positive and negative wildcard and CIDR-style patterns are supported.
  * HMAC-SHA1 hashed host entries are supported.
  * The @cert-authority and @revoked markers are supported.

* OpenSSH-style authorized keys files are now supported!

  * Both client keys and certificate authorities are supported.
  * Enforcement is done on from and principals options during key matching.
  * Enforcement is done on no-pty, no-port-forwarding, and permitopen.
  * The command and environment options are supported.
  * Applications can query for their own non-standard options.

* Support has been added for OpenSSH format private keys.

  * DSA, RSA, and ECDSA keys in this format are now supported.
  * Ed25519 keys are supported when libnacl and libsodium are installed.
  * OpenSSH private key encryption is supported when bcrypt is installed.

* Curve25519 Diffie-Hellman key exchange is now available via either the
  curve25519-donna or libnacl and libsodium packages.

* ECDSA key support has been enhanced.

  * Support is now available for PKCS#8 ECDSA v2 keys.
  * Support is now available for both NamedCurve and explicit ECParameter
    versions of keys, as long as the parameters match one of the supported
    curves (nistp256, nistp384, or nistp521).

* Support is now available for the OpenSSH chacha20-poly1305 cipher when
  libnacl and libsodium are installed.

* Cipher names specified in private key encryption have been changed to be
  consistent with OpenSSH cipher naming, and all SSH ciphers can now be
  used for encryption of keys in OpenSSH private key format.

* A couple of race conditions in SSHChannel have been fixed and channel
  cleanup is now delayed to allow outstanding message handling to finish.

* Channel exceptions are now properly delivered in the streams API.

* A bug in SSHStream read() where it could sometimes return more data than
  requested has been fixed. Also, read() has been changed to properly block
  and return all data until EOF or a signal is received when it is called
  with no length.

* A bug in the default implementation of keyboard-interactive authentication
  has been fixed, and the matching of a password prompt has been loosened
  to allow it to be used for password authentication on more devices.

* Missing code to resume reading after a stream is paused has been added.

* Improvements have been made in the handling of canceled requests.

* The test code has been updated to test Ed25519 and OpenSSH format
  private keys.

* Examples have been updated to reflect some of the new capabilities.

Release 0.9.2 (26 Jan 2015)
---------------------------

* Fixed a bug in PyCrypto CipherFactory introduced during PyCA refactoring.

Release 0.9.1 (3 Dec 2014)
--------------------------

* Added some missing items in setup.py and MANIFEST.in.

* Fixed the install to work even when cryptographic dependencies aren't
  yet installed.

* Fixed an issue where get_extra_info calls could fail if called when
  a connection or session was shutting down.

Release 0.9.0 (14 Nov 2014)
---------------------------

* Added support to use PyCA (0.6.1 or later) for cryptography. AsyncSSH
  will automatically detect and use either PyCA, PyCrypto, or both depending
  on which is installed and which algorithms are requested.

* Added support for AES-GCM ciphers when PyCA is installed.

Release 0.8.4 (12 Sep 2014)
---------------------------

* Fixed an error in the encode/decode functions for PKCS#1 DSA public keys.

* Fixed a bug in the unit test code for import/export of RFC4716 public keys.

Release 0.8.3 (16 Aug 2014)
---------------------------

* Added a missing import in the curve25519 implementation.

Release 0.8.2 (16 Aug 2014)
---------------------------

* Provided a better long description for PyPI.

* Added link to PyPI in documentation sidebar.

Release 0.8.1 (15 Aug 2014)
---------------------------

* Added a note in the :meth:`validate_public_key()
  <SSHServer.validate_public_key>` documentation clarifying that AsyncSSH
  will verify that the client possesses the corresponding private key before
  authentication is allowed to succeed.

* Switched from setuptools to distutils and added an initial set of unit
  tests.

* Prepared the package to be uploaded to PyPI.

Release 0.8.0 (15 Jul 2014)
---------------------------

* Added support for Curve25519 Diffie Hellman key exchange on systems with
  the curve25519-donna Python package installed.

* Updated the examples to more clearly show what values are returned even
  when not all of the return values are used.

Release 0.7.0 (7 Jun 2014)
--------------------------

* This release adds support for the "high-level" ``asyncio`` streams API,
  in the form of the :class:`SSHReader` and :class:`SSHWriter` classes
  and wrapper methods such as :meth:`open_session()
  <SSHClientConnection.open_session>`, :meth:`open_connection()
  <SSHClientConnection.open_connection>`, and :meth:`start_server()
  <SSHClientConnection.start_server>`. It also allows the callback
  methods on :class:`SSHServer` to return either SSH session objects or
  handler functions that take :class:`SSHReader` and :class:`SSHWriter`
  objects as arguments. See :meth:`session_requested()
  <SSHServer.session_requested>`, :meth:`connection_requested()
  <SSHServer.connection_requested>`, and :meth:`server_requested()
  <SSHServer.server_requested>` for more information.

* Added new exceptions :exc:`BreakReceived`, :exc:`SignalReceived`, and
  :exc:`TerminalSizeChanged` to report when these messages are received
  while trying to read from an :class:`SSHServerChannel` using the new
  streams API.

* Changed :meth:`create_server() <SSHClientConnection.create_server>` to
  accept either a callable or a coroutine for its ``session_factory``
  argument, to allow asynchronous operations to be used when deciding
  whether to accept a forwarded TCP connection.

* Renamed ``accept_connection()`` to :meth:`create_connection()
  <SSHServerConnection.create_connection>` in the :class:`SSHServerConnection`
  class for consistency with :class:`SSHClientConnection`, and added a
  corresponding :meth:`open_connection() <SSHServerConnection.open_connection>`
  method as part of the streams API.

* Added :meth:`get_exit_status() <SSHClientChannel.get_exit_status>` and
  :meth:`get_exit_signal() <SSHClientChannel.get_exit_signal>` methods
  to the :class:`SSHClientChannel` class.

* Added :meth:`get_command() <SSHServerChannel.get_command>` and
  :meth:`get_subsystem() <SSHServerChannel.get_subsystem>` methods to
  the :class:`SSHServerChannel` class.

* Fixed the name of the :meth:`write_stderr() <SSHServerChannel.write_stderr>`
  method and added the missing :meth:`writelines_stderr()
  <SSHServerChannel.writelines_stderr>` method to the :class:`SSHServerChannel`
  class for outputting data to the stderr channel.

* Added support for a return value in the :meth:`eof_received()
  <SSHClientSession.eof_received>` of :class:`SSHClientSession`,
  :class:`SSHServerSession`, and :class:`SSHTCPSession` to support
  half-open channels. By default, the channel is automatically closed
  after :meth:`eof_received() <SSHClientSession.eof_received>` returns,
  but returning ``True`` will now keep the channel open, allowing output
  to still be sent on the half-open channel. This is done automatically
  when the new streams API is used.

* Added values ``'local_peername'`` and ``'remote_peername'`` to the set
  of information available from the :meth:`get_extra_info()
  <SSHTCPChannel.get_extra_info>` method in the :class:`SSHTCPChannel` class.

* Updated functions returning :exc:`IOError` or :exc:`socket.error` to
  return the new :exc:`OSError` exception introduced in Python 3.3.

* Cleaned up some errors in the documentation.

* The :ref:`API`, :ref:`ClientExamples`, and :ref:`ServerExamples` have
  all been updated to reflect these changes, and new examples showing the
  streams API have been added.

Release 0.6.0 (11 May 2014)
---------------------------

* This release is a major revamp of the code to migrate from the
  ``asyncore`` framework to the new ``asyncio`` framework in Python
  3.4. All the APIs have been adapted to fit the new ``asyncio``
  paradigm, using coroutines wherever possible to avoid the need
  for callbacks when performing asynchronous operations.

  So far, this release only supports the "low-level" ``asyncio`` API.

* The :ref:`API`, :ref:`ClientExamples`, and :ref:`ServerExamples` have
  all been updated to reflect these changes.

Release 0.5.0 (11 Oct 2013)
---------------------------

* Added the following new classes to support fully asynchronous
  connection forwarding, replacing the methods previously added in
  release 0.2.0:

  * :class:`SSHClientListener`
  * :class:`SSHServerListener`
  * :class:`SSHClientLocalPortForwarder`
  * :class:`SSHClientRemotePortForwarder`
  * :class:`SSHServerPortForwarder`

  These new classes allow for DNS lookups and other operations to be
  performed fully asynchronously when new listeners are set up. As with
  the asynchronous connect changes below, methods are now available
  to report when the listener is opened or when an error occurs during
  the open rather than requiring the listener to be fully set up in a
  single call.

* Updated examples in :ref:`ClientExamples` and :ref:`ServerExamples`
  to reflect the above changes.

Release 0.4.0 (28 Sep 2013)
---------------------------

* Added support in :class:`SSHTCPConnection` for the following methods
  to allow asynchronous operations to be used when accepting inbound
  connection requests:

  * :meth:`handle_open_request() <SSHTCPConnection.handle_open_request>`
  * :meth:`report_open() <SSHTCPConnection.report_open>`
  * :meth:`report_open_error() <SSHTCPConnection.report_open_error>`

  These new methods are used to implement asynchronous connect
  support for local and remote port forwarding, and to support
  trying multiple destination addresses when connection failures
  occur.

* Cleaned up a few minor documentation errors.

Release 0.3.0 (26 Sep 2013)
---------------------------

* Added support in :class:`SSHClient` and :class:`SSHServer` for setting
  the key exchange, encryption, MAC, and compression algorithms allowed
  in the SSH handshake.

* Refactored the algorithm selection code to pull a common matching
  function back into ``_SSHConnection`` and simplify other modules.

* Extended the listener class to open multiple listening sockets when
  necessary, fixing a bug where sockets opened to listen on ``localhost``
  were not properly accepting both IPv4 and IPv6 connections.

  Now, any listen request which resolves to multiple addresses will open
  listening sockets for each address.

* Fixed a bug related to tracking of listeners opened on dynamic ports.

Release 0.2.0 (21 Sep 2013)
---------------------------

* Added support in :class:`SSHClient` for the following methods related
  to performing standard SSH port forwarding:

  * :meth:`forward_local_port() <SSHClient.forward_local_port>`
  * :meth:`cancel_local_port_forwarding() <SSHClient.cancel_local_port_forwarding>`
  * :meth:`forward_remote_port() <SSHClient.forward_remote_port>`
  * :meth:`cancel_remote_port_forwarding() <SSHClient.cancel_remote_port_forwarding>`
  * :meth:`handle_remote_port_forwarding() <SSHClient.handle_remote_port_forwarding>`
  * :meth:`handle_remote_port_forwarding_error() <SSHClient.handle_remote_port_forwarding_error>`

* Added support in :class:`SSHServer` for new return values in
  :meth:`handle_direct_connection() <SSHServer.handle_direct_connection>`
  and :meth:`handle_listen() <SSHServer.handle_listen>` to activate
  standard SSH server-side port forwarding.

* Added a client_addr argument and member variable to :class:`SSHServer`
  to hold the client's address information.

* Added and updated examples related to port forwarding and using
  :class:`SSHTCPConnection` to open direct and forwarded TCP
  connections in :ref:`ClientExamples` and :ref:`ServerExamples`.

* Cleaned up some of the other documentation.

* Removed a debug print statement accidentally left in related to
  SSH rekeying.

Release 0.1.0 (14 Sep 2013)
---------------------------

* Initial release